Iran blocking essentially all encyrpted protocols
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc... Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
Probably better than Iran doing man-in-the-middle... Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com On Fri, Feb 10, 2012 at 1:26 PM, Ryan Malayter <malayter@gmail.com> wrote:
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc...
Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
----- Original Message -----
From: "Ryan Malayter" <malayter@gmail.com>
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc...
Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
Lauren scooped you on Privacy by about 6 minutes. :-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
correct, it's down in Iran, A few of my contacts got back to me confirming this a few hours ago. -----Original Message----- From: Jay Ashworth Sent: Friday, February 10, 2012 2:29 PM To: NANOG Subject: Re: Iran blocking essentially all encyrpted protocols ----- Original Message -----
From: "Ryan Malayter" <malayter@gmail.com>
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc...
Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
Lauren scooped you on Privacy by about 6 minutes. :-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Yes I am from Iran and outgoing TCP/443 has been stoped ;) -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter@gmail.com> wrote:
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc...
Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
And in response http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-onl... (quoting) : “Basically, say you want to look like an XMPP chat instead of SSL,” he writes to me, referring to a protocol for instant messaging as the decoy for the encrypted SSL communications. “Obfsproxy should start up, you choose XMPP, and obfsproxy should emulate XMPP to the point where even a sophisticated [deep packet inspection] device cannot find anything suspicious.” Regards Marshall On Fri, Feb 10, 2012 at 2:03 PM, Shahab Vahabzadeh <sh.vahabzadeh@gmail.com> wrote:
Yes I am from Iran and outgoing TCP/443 has been stoped ;)
-- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter@gmail.com> wrote:
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc...
Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
It is not accessible to with XMPP, yahoo google none of them is not accessible from Iran. I have not try obfsproxy but as a ordinary connection we do not have https :) -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 On Feb 10, 2012, at 11:37 PM, Marshall Eubanks <marshall.eubanks@gmail.com> wrote:
And in response
http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-onl...
(quoting) :
“Basically, say you want to look like an XMPP chat instead of SSL,” he writes to me, referring to a protocol for instant messaging as the decoy for the encrypted SSL communications. “Obfsproxy should start up, you choose XMPP, and obfsproxy should emulate XMPP to the point where even a sophisticated [deep packet inspection] device cannot find anything suspicious.”
Regards Marshall
On Fri, Feb 10, 2012 at 2:03 PM, Shahab Vahabzadeh <sh.vahabzadeh@gmail.com> wrote:
Yes I am from Iran and outgoing TCP/443 has been stoped ;)
-- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter@gmail.com> wrote:
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc...
Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
FWIW: A colleague in Iran was able to connect to a server in the US using HTTPS on a non-standard port (9999). It appears that the Iranian government is not blocking TLS/HTTPS per se, but just port 443. So in principle, if there were just some HTTPS proxies using non-standard ports, then people would be able to get out. At least until (1) the addresses of the proxies become known to the regime, or (2) they start blocking cross-border TLS altogether. --Richard On Fri, Feb 10, 2012 at 12:07 PM, Marshall Eubanks <marshall.eubanks@gmail.com> wrote:
And in response
http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-onl...
(quoting) :
“Basically, say you want to look like an XMPP chat instead of SSL,” he writes to me, referring to a protocol for instant messaging as the decoy for the encrypted SSL communications. “Obfsproxy should start up, you choose XMPP, and obfsproxy should emulate XMPP to the point where even a sophisticated [deep packet inspection] device cannot find anything suspicious.”
Regards Marshall
On Fri, Feb 10, 2012 at 2:03 PM, Shahab Vahabzadeh <sh.vahabzadeh@gmail.com> wrote:
Yes I am from Iran and outgoing TCP/443 has been stoped ;)
-- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter@gmail.com> wrote:
Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-enc...
Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
On 2/11/2012 4:50 PM, Richard Barnes wrote:
FWIW: A colleague in Iran was able to connect to a server in the US using HTTPS on a non-standard port (9999). It appears that the Iranian government is not blocking TLS/HTTPS per se, but just port 443. So in principle, if there were just some HTTPS proxies using non-standard ports, then people would be able to get out. At least until (1) the addresses of the proxies become known to the regime, or (2) they start blocking cross-border TLS altogether.
Or applications (and providers) knew how to use SRV records... AlanC -- alan@clegg.com | 1.919.355.8851
participants (8)
-
Alan Clegg
-
Donald Eastlake
-
James Smith
-
Jay Ashworth
-
Marshall Eubanks
-
Richard Barnes
-
Ryan Malayter
-
Shahab Vahabzadeh